Configuration manual

Access Control Lists on the A4
Fixed Switch Configuration Guide 24-11
C5(su)->router>enable
C5(su)->router#show access-lists ipv6mode
ipv6mode disabled
C5(su)->router#configure
Enter configuration commands:
C5(su)->router(Config)#access-list ipv6mode
Changing ipv6mode will result in a system reset.
Do you wish to proceed? (y/n) y
C5(su)->router
C5(su)->router>enable
C5(su)->router#configure
Enter configuration commands:
C5(su)->router(Config)#access-list mac mymaclist1 deny any any ethertype appletalk
C5(su)->router(Config)#access-list mac mymaclist1 deny any any ethertype ipx
C5(su)->router(Config)#access-list mac mymaclist1 permit 00-E0-ED-1D-90-D5 any priority 5 assign-queue 5
C5(su)->router(Config)#show access-lists mymaclist1
mymaclist1 MAC access-list
1: deny any any ethertype appletalk
2: deny any any ethertype ipx
3: permit 00-E0-ED-1D-90-D5 any priority 5 assign-queue 5
C5(su)->router(Config)#interface vlan 300
C5(su)->router(Config-if(Vlan 300))#ip access-group mymaclist1 in
C5(su)->router(Config-if(Vlan 300))#exit
Access Control Lists on the A4
Access control list support on the A4 is different from the support on the other Fixed Switch
platforms. On the A4, an ACL can be configured as a MAC ACL or as an extended IP ACL, and
each type of list can contain only one type of rule:
MAC ACL rules can contain source and destination MAC addresses. MAC ACLs are uniquely
identified by name.
Extended IP ACL rules can contain source and destination IP addresses. Extended IP ACLs
are uniquely identified by number, from 100 to 199.
ACLs can be applied to ports with the access-list interface command. ACLs are supported on
Link Aggregation ports as well as physical ports. You can apply MAC, IP, or both types of ACLs to
a port. When more than one rule matches, precedence is decided by the priority levels shown in
Table 24-1: the matching rule with the highest priority takes effect.
Table 24-1 ACL Rule Precedence

ACL Type | Rule               | Priority | Example
---------|--------------------|----------|-------------------------------------------
MAC      | SA DA exact        | 23       | permit 00-01-01-00-00-01 00-01-02-00-00-23
MAC      | SA exact, DA any   | 22       | deny 00:01:01:00:00:05 any
MAC      | SA any, DA exact   | 21       | deny any 00:01:01:00:00:01
IP       | SIP DIP exact      | 20       | deny 10.0.1.15 10.0.1.5
IP       | SIP exact, DIP any | 19       | deny 10.0.1.8 any
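As an added example (not code from the guide or from the A4 software), the following Python models the Table 24-1 precedence decision for a port carrying both a MAC ACL and an extended IP ACL: the rule shapes, priorities and example addresses come from the table, while the frame dictionaries and the no-match default are constructed assumptions, and only the five precedence classes visible on the page are covered.

```python
# Added example, not code from the Fixed Switch Configuration Guide: a model of how an
# A4 port carrying both a MAC ACL and an extended IP ACL selects the winning rule by the
# Table 24-1 priority levels. Only the five classes shown on the page are modelled.

# (ACL type, source exact?, destination exact?) -> priority from Table 24-1
PRIORITY = {
    ("mac", True, True): 23,   # MAC SA DA exact
    ("mac", True, False): 22,  # MAC SA exact, DA any
    ("mac", False, True): 21,  # MAC SA any, DA exact
    ("ip", True, True): 20,    # IP SIP DIP exact
    ("ip", True, False): 19,   # IP SIP exact, DIP any
}

def norm(addr):
    # Table 24-1 writes MACs both as 00-01-... and 00:01:...; compare them in one form.
    return addr.lower().replace("-", ":")

def rule(acl_type, action, src, dst):
    """Build a rule tuple; raises if its shape is not one of the page's five classes."""
    key = (acl_type, src != "any", dst != "any")
    if key not in PRIORITY:
        raise ValueError(f"precedence class not covered by Table 24-1: {key}")
    return (PRIORITY[key], acl_type, action, src, dst)

def matches(r, frame):
    _prio, acl_type, _action, src, dst = r
    s, d = (frame["sa"], frame["da"]) if acl_type == "mac" else (frame["sip"], frame["dip"])
    return (src == "any" or norm(src) == norm(s)) and (dst == "any" or norm(dst) == norm(d))

def decide(rules, frame, no_match="permit"):
    """Return (action, rule) for the highest-priority matching rule on the port.
    Assumption: the page does not say what happens when nothing matches; the caller picks."""
    hits = [r for r in rules if matches(r, frame)]
    if not hits:
        return no_match, None
    best = max(hits, key=lambda r: r[0])   # ties: first rule in list order wins
    return best[2], best

# Constructed sample: the MAC and IP example rules of Table 24-1 applied to one port.
PORT_RULES = [
    rule("mac", "permit", "00-01-01-00-00-01", "00-01-02-00-00-23"),
    rule("mac", "deny", "00:01:01:00:00:05", "any"),
    rule("mac", "deny", "any", "00:01:01:00:00:01"),
    rule("ip", "deny", "10.0.1.15", "10.0.1.5"),
    rule("ip", "deny", "10.0.1.8", "any"),
]

if __name__ == "__main__":
    # Frame hitting both the MAC SA/DA-exact permit (23) and the IP SIP/DIP-exact deny (20):
    # the MAC rule has the higher priority, so the frame is permitted.
    f = {"sa": "00:01:01:00:00:01", "da": "00:01:02:00:00:23", "sip": "10.0.1.15", "dip": "10.0.1.5"}
    print(decide(PORT_RULES, f))
```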